Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: can not remove ilivid even after reboot

  1. #1
    Junior Member
    Join Date
    Nov 2012
    Posts
    9

    Default can not remove ilivid even after reboot

    please help, this has been a longstanding issue and browser freezes for a second or two every now and again which leads me to think something is still burrowing in the background. I have uninstalled whatever I could find as ilivid including browser addins etc.
    See log below, I stopped the scan after this item was found just to get the log to post here. My system seems clean except for this one item.
    Also see two attached logs (aswMBR.txt and FRST.txt) I also have "Addition.txt" ready to go but it is just too big to upload,

    ilivid.Toolbar: [SBI $BB9CE1DE] Program directory (Directory, nothing done)
    C:\Program Files (x86)\Search Results Toolbar\

    User abort!: Scan was not completed successfully. (Status)

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    Edit Removed updates log. Previous topic in Spybot forum: http://forums.spybot.info/showthread...ht=#post461503


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by Ian (administrator) on IAN-SMALL-PC on 28-01-2015 08:47:47
    Running from C:\Users\Ian\Documents\utils\spybot recomended
    Loaded Profiles: Ian (Available profiles: Ian)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    () C:\Windows\PLFSetI.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    (Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Dropbox, Inc.) C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (LoiLo inc) C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
    HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [344872 2010-03-09] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [CameraWatcher] => C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe [128128 2013-06-21] (LoiLo inc)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: D - D:\DTVP_Launcher.exe
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: {412a5771-9d04-11e1-96c8-206a8a146665} - D:\DTVP_Launcher.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-07] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-04-09] ()
    AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll File Not Found
    AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
    AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll [474112 2013-05-08] () <===== ATTENTION
    HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll [643584 2013-05-08] () <===== ATTENTION
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z115t67k1k06s
    SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA411
    SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=18
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 64.59.144.93 64.59.150.139 192.168.125.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default
    FF DefaultSearchEngine: Norton Safe Search
    FF SearchEngineOrder.1: Search Results
    FF Homepage: about:home
    FF Keyword.URL: hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=360&chn=retail&geo=CA&ver=21&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/O1DPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF user.js: detected! => C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\searchplugins\safesearch.xml
    FF Extension: British English Dictionary - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-01-05]
    FF Extension: Delicious Bookmarks - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012-10-24]
    FF Extension: Yahoo! Toolbar - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-24]
    FF Extension: Extension Manager - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\pluginfy@pluginfy.manager.xpi [2012-07-14]
    FF Extension: Media Converter - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2011-08-27]
    FF Extension: New Tab - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}.xpi [2013-06-07]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-26]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-23]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-28]
    FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2014-05-17]
    FF HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.searchnu.com/406?appid=362
    CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    CHR Plugin: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Norton Confidential) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
    CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Google Talk Plugin) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
    CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
    CHR Extension: (Google Cast) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-31]
    CHR Extension: (Norton Identity Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
    CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-01]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-07]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-03]
    CHR Extension: (Norton Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-12-31]
    CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
    CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-18]
    CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
    R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
    R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 0307951356394099mcinstcleanup; C:\Users\Ian\AppData\Local\Temp\030795~1.EXE -cleanup -nolog [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
    S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [14848 2008-11-10] (Marvell Semiconductor, Inc.)
    S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [16384 2008-11-10] (Marvell Semiconductor, Inc.)
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
    R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-16] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
    R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-17] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 08:46 - 2015-01-28 08:47 - 00000000 ____D () C:\FRST
    2015-01-28 08:40 - 2015-01-28 08:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IAN-SMALL-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-01-28 08:36 - 2015-01-28 08:36 - 00002243 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\RegBackup
    2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-26 09:13 - 2014-11-05 21:59 - 00450776 _____ () C:\Windows\system32\Drivers\etc\hosts.20150126-091312.backup
    2015-01-26 07:41 - 2015-01-26 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-14 07:43 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 07:43 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 07:43 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 07:43 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 07:43 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 07:43 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 07:43 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 07:43 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 07:43 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 07:43 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 07:43 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 07:43 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 07:43 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2014-12-31 18:34 - 2014-12-31 18:34 - 00001212 _____ () C:\Users\Ian\Desktop\Chromecast.lnk
    2014-12-31 18:34 - 2014-12-31 18:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
    2014-12-29 21:18 - 2014-12-29 21:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 08:45 - 2010-12-20 16:25 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Skype
    2015-01-28 08:44 - 2011-02-10 21:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001UA.job
    2015-01-28 08:31 - 2010-12-20 16:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-28 08:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-28 08:27 - 2012-08-16 11:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 07:29 - 2011-01-17 08:14 - 00000000 ___RD () C:\Users\Ian\Dropbox
    2015-01-28 07:29 - 2011-01-17 08:08 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Dropbox
    2015-01-28 07:26 - 2012-12-02 07:41 - 00000000 ___RD () C:\Users\Ian\Google Drive
    2015-01-28 07:24 - 2010-12-20 16:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-28 07:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-28 07:24 - 2009-07-13 20:51 - 00159847 _____ () C:\Windows\setupact.log
    2015-01-28 07:22 - 2012-04-24 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-28 07:20 - 2010-08-28 05:24 - 01951779 _____ () C:\Windows\WindowsUpdate.log
    2015-01-28 00:44 - 2011-02-10 21:36 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001Core.job
    2015-01-27 21:50 - 2010-12-24 08:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-01-27 19:24 - 2010-12-29 11:31 - 00056832 _____ () C:\Users\Ian\Documents\pwfile(2011).xlsx
    2015-01-27 15:16 - 2011-02-25 12:40 - 00000000 ____D () C:\Users\Ian\AppData\Local\CrashDumps
    2015-01-27 14:59 - 2012-08-16 11:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-27 14:59 - 2012-04-08 10:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-27 14:59 - 2011-06-16 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-27 10:59 - 2010-12-24 08:34 - 00000000 ____D () C:\Users\Ian\Documents\utils
    2015-01-26 19:42 - 2010-12-20 16:26 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-26 19:38 - 2012-12-02 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-01-26 17:25 - 2011-03-08 12:27 - 00000000 ____D () C:\Users\Ian\Documents\Admin
    2015-01-26 16:08 - 2014-04-24 05:57 - 00024576 _____ () C:\Users\Ian\Documents\pwfileicbc.xlsx
    2015-01-26 07:33 - 2011-01-17 22:28 - 00000000 ____D () C:\Users\Ian\Documents\investments
    2015-01-25 11:56 - 2010-12-21 06:03 - 00000000 ____D () C:\Users\Ian\Documents\e-Sword
    2015-01-23 08:51 - 2011-08-18 05:42 - 00000000 ____D () C:\Users\Ian\Documents\temp
    2015-01-23 07:46 - 2010-12-20 16:11 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Mozilla
    2015-01-21 08:41 - 2014-11-05 21:48 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Audacity
    2015-01-16 12:01 - 2014-05-04 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2015-01-16 09:13 - 2010-08-28 05:24 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
    2015-01-16 07:45 - 2012-11-02 20:34 - 00775912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-16 07:45 - 2009-07-13 21:13 - 00775912 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-15 08:31 - 2010-05-19 17:06 - 02812802 _____ () C:\Windows\PFRO.log
    2015-01-15 08:24 - 2013-09-27 21:45 - 00000000 ____D () C:\Users\Ian\Documents\Outlook Files
    2015-01-15 08:11 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 07:50 - 2010-12-26 19:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 11:33 - 2010-12-20 21:33 - 00000000 ____D () C:\Users\Ian\AppData\Local\Microsoft Help
    2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-04 00:03 - 2012-12-24 17:05 - 00000336 _____ () C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    2015-01-02 09:35 - 2012-12-24 17:05 - 00000322 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    2015-01-01 04:09 - 2014-11-07 21:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-12-31 18:34 - 2010-12-20 07:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\Google

    ==================== Files in the root of some directories =======

    2010-12-20 16:27 - 2010-12-20 16:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2011-04-23 06:46 - 2011-11-27 20:54 - 0001353 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll


    Some content of TEMP:
    ====================
    C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqvc0mr.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-16 16:24

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-01-28 08:56:14
    -----------------------------
    08:56:14.073 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:56:14.073 Number of processors: 4 586 0x2505
    08:56:14.073 ComputerName: IAN-SMALL-PC UserName: Ian
    08:56:16.613 Initialize success
    08:56:16.853 VM: initialized successfully
    08:56:16.853 VM: Intel CPU supported
    08:56:29.766 VM: supported disk I/O iaStor.sys
    08:59:32.400 AVAST engine defs: 15012800
    09:01:44.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    09:01:44.437 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    09:01:44.597 VM: Disk 0 MBR read successfully
    09:01:44.607 Disk 0 MBR scan
    09:01:44.627 Disk 0 Windows VISTA default MBR code
    09:01:44.647 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
    09:01:44.677 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
    09:01:44.687 Disk 0 default boot code
    09:01:44.717 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
    09:01:44.867 Disk 0 scanning C:\Windows\system32\drivers
    09:02:04.291 Service scanning
    09:02:09.232 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys **LOCKED** 5
    09:02:14.363 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
    09:02:15.213 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
    09:02:20.304 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys **LOCKED** 5
    09:02:27.046 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\ENG64.SYS **LOCKED** 5
    09:02:27.326 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\EX64.SYS **LOCKED** 5
    09:02:50.622 Modules scanning
    09:02:50.642 Disk 0 trace - called modules:
    09:02:50.702 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    09:02:50.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d73060]
    09:02:50.722 3 CLASSPNP.SYS[fffff88001d7b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007aac050]
    09:02:53.262 AVAST engine scan C:\Windows
    09:02:59.164 AVAST engine scan C:\Windows\system32
    09:09:27.002 AVAST engine scan C:\Windows\system32\drivers
    09:10:04.166 AVAST engine scan C:\Users\Ian
    10:08:33.571 AVAST engine scan C:\ProgramData
    10:36:26.132 File: C:\ProgramData\Wincert\win32prop.dll **INFECTED** Win32:Adware-BRT [Adw]
    10:36:26.423 Disk 0 statistics 5521531/0/22 @ 0.64 MB/s
    10:36:26.443 Scan finished successfully
    10:52:07.087 Disk 0 MBR has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\MBR.dat"
    10:52:07.106 The log file has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\aswMBR.txt"
    Attached Files Attached Files
    Last edited by tashi; 2015-01-29 at 18:10. Reason: Copy pasted logs into topic, added link to previous thread

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Can you attach the Addition.txt, I will need to see this.


    Running from C:\Users\Ian\Documents\utils\spybot recomended

    It's best we move Farbar's to desktop.

    Please go to your downloads folder(utils\spybot recomended), locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)




    start
    CloseProcesses:
    AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll File Not Found
    AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-04-09] ()
    AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll File Not Found
    AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
    AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll" File Not Found
    C:\ProgramData\Wincert
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll [474112 2013-05-08] () <===== ATTENTION
    HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll [643584 2013-05-08] () <===== ATTENTION
    SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    earchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=18
    Toolbar: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF SearchEngineOrder.1: Search Results
    FF user.js: detected! => C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\user.js
    CHR HomePage: Default -> hxxp://www.searchnu.com/406?appid=362
    CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    CHR Plugin: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx [Not Found]
    2010-12-20 16:27 - 2010-12-20 16:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll
    C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqvc0mr.dll
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Dections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************
    please post
    fixlist.txt
    AdwCleaner.txt
    Malwarebytes' Anti-Malware log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Nov 2012
    Posts
    9

    Default

    I will start following all the steps you suggest in a mo.
    In the meanwhile
    - re addition.txt .. as mentioned I am not able to post the "addition.txt" (50kb) it due to size.. so what I have attached is a zipped version of the .txt. (attached)
    - Re desktop folder (ie just on desktop) vs my folder.. i do not think that matters (I was keeping all these files in one place) but will move all to desktop if you insist.
    Thanks
    Attached Files Attached Files

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    re addition.txt .. as mentioned I am not able to post the "addition.txt" (50kb) it due to size.. so what I have attached is a zipped version of the .txt. (attached)
    - Re desktop folder (ie just on desktop) vs my folder.. i do not think that matters (I was keeping all these files in one place) but will move all to desktop if you insist.
    No I don't insist if you can keep them in the same folder. Most people find it easier to move FRST to desktop to place the Fixlog with it.

    Will post back after I've had a chance to look over the Additions txt.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's continue with these scans

    please post
    fixlist.txt
    AdwCleaner.txt
    Malwarebytes' Anti-Malware log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Nov 2012
    Posts
    9

    Default

    Thanks Juliet... I appreciate the help.

    I have run all the other scans.. here are the logs:
    - 1. after placing FRST64 and fixlist.txt on desktop and running it produced fixlog.txt (attached, ps.. i moved it back from desktop to my logs folder before attaching it)
    - 2. AdwCleaner[S0].txt attached
    - 3. malware bytes run found no threats.
    --- note though that on my versions i did not have the option to click scan and then threat scan.. that said when the scan was running it said "threat scan" in the top while it ran. here is that log.
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 30/01/2015
    Scan Time: 10:03:02 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.30.07
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Ian

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 358433
    Time Elapsed: 44 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Attached Files Attached Files

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Took out quite a bit of ugly stuff.
    Tell me what the computer is doing Now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Junior Member
    Join Date
    Nov 2012
    Posts
    9

    Default

    So far so good.
    I am re running the spybot check, by now it would have found the ilivid error.. that is resolved. There were no other errors before so I am not anticipating anything, but the scan takes quite a while.
    When I started firefox I got a little turtle at the bottom of the screen telling me firefox is slow... i just ignored that...

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    When I started firefox I got a little turtle at the bottom of the screen telling me firefox is slow... i just ignored that
    Well thats new to me.

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Nov 2012
    Posts
    9

    Default

    here re the results of that scan. took almost 9 hours to run!

    The second last line (FLV player) I recall needing back in the day
    Attached Files Attached Files

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •